That hack reportedly took place in 2012 and the data gathered from it and for sale now on the dark web contains 200 million Yahoo user IDs, birth dates, other email addresses, and “easily decrypted passwords,” says a report from Recode. The alleged hack by a cybercriminal known as “Peace” became known back in August, but at the time Yahoo declined to say if it was legitimate. The company is now set to verify the hack this week, says Recode. Confirmation of the hack could not come at a worse time as Yahoo is in the middle of a $4.8 billion sale of its core business to Verizon. Such a hack could cause legal problems for Verizon or even reduce the value and worth of the company for its soon-to-be new owner.

Yahoo has experienced hacking before, albeit not on this scale. Back in January 2013, a hacker posted a video to YouTube detailing an exploit for hacking into Yahoo Mail accounts. Though Yahoo said it fixed the flaw, for months afterward an unspecified number of accounts were hacked. As a result, Yahoo lost of some of its business clients, including British Telecom.